SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2817

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2817

Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3

Type: security

Severity: moderate

Issued: 2021-08-23

Description:

This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli

- Version updated to upstream release v1.19.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

- Version updated to upstream release 1.17.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

- Version updated to upstream release 1.20.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

- Version updated to upstream release 1.25.10
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

- Added this new package to resolve runtime dependencies for other packages.
  Version: 18.1.0

# python-trustme

- Added this new package to resolve runtime dependencies for other packages.
  Version: 0.6.0

Security fixes:

# python-urllib3:
  
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated
  by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)

References

Packages

python-boto3-1.17.9-19.1

python-botocore-1.20.9-33.1